Server Workload Assignment Based on Known Update/Security Vulnerabilities

1. A computing cluster, comprising: a plurality of compute nodes in a computing cluster, each of the compute nodes comprising at least one processor; and a management system comprising one or more processors configured to manage the plurality of compute nodes by performing an operation comprising: determining that a first component on a first compute node, of the plurality of compute nodes in the computing cluster, violates a compliance rule, wherein the first compute node executes a plurality of workloads, wherein a software update is configured to correct the violation of the compliance rule by the first component of the first compute node; identifying one or more predefined operations associated with the compliance rule; and performing the one or more predefined operations while deferring applying the software update for a period of time; and executing, by the first compute node, at least one of the plurality of workloads during the period of time.

2. The computing cluster of claim 1 , wherein the one or more predefined operations comprises a first predefined operation to defer applying the software update to the first compute node for the period of time and a second predefined operation to restrict use of the first compute node during the period of time, and wherein the first component comprises at least one of: (i) a firmware of a hardware component of the first compute node, (ii) a software component of at least one of the plurality of workloads, (iii) a software component configured to manage the plurality of workloads of the first compute node, and (iv) a first workload, of the plurality of workloads.

3. The computing cluster of claim 2 , wherein the first component comprises the first workload, wherein the one or more predefined operations comprise at least one of: (i) disabling the first workload, (ii) altering the first workload, and (iii) moving the first workload to a second compute node of the plurality of compute nodes, wherein the second compute node does not violate the compliance rule.

4. The computing cluster of claim 2 , wherein the first component comprises the software component of at least one of the plurality of workloads, wherein the one or more predefined operations comprise at least one of: (i) uninstalling the software component from the at least one of the plurality of workloads, (ii) disabling the software component from the at least one of the plurality of workloads, (iii) moving the at least one of the plurality of workloads to a second compute node of the plurality of compute nodes, wherein the second compute node does not violate the compliance rule.

5. The computing cluster of claim 2 , wherein the first component comprises the firmware of the hardware component of the first compute node, wherein the one or more predefined operations comprise: identifying a first set of workloads, of the plurality of workloads, that interact with the hardware component; and moving the first set of workloads to a second compute node of the plurality of compute nodes, wherein the second compute node does not violate the compliance rule, wherein the at least one of the plurality of workloads executed by the first compute node without applying the software update comprise a second set of workloads that do not interact with the hardware component.

6. The computing cluster of claim 1 , wherein the violation of the compliance rule comprises at least one of: (i) executing, by the first compute node, an out of date software module, (ii) executing, by the first compute node, a software component that has a security vulnerability, and (iii) executing, by the first compute node, a software component experiencing a runtime error.

7. The computing cluster of claim 1 , wherein the first component is determined to violate the compliance rule based on metadata associated with the software update relative to at least one attribute of the first component.

8. The computing cluster of claim 1 , wherein the one or more predefined operations associated with the compliance rule are configured to correct the violation of the compliance rule.

9. A computer program product comprising: a computer-readable storage medium having computer-readable program code embodied therewith, the computer-readable program code executable by one or more computer processors to perform an operation comprising: determining that a first component on a first compute node, of a plurality of compute nodes in a computing cluster, each of the compute nodes comprising at least one processor, violates a compliance rule, wherein the first compute node executes a plurality of workloads, wherein a software update is configured to correct the violation of the compliance rule by the first component of the first compute node; identifying one or more predefined operations associated with the compliance rule; and performing the one or more predefined operations while deferring applying the software update for a period of time; and executing, by the first compute node, at least one of the plurality of workloads during the period of time.

10. The computer program product of claim 9 , wherein the one or more predefined operations comprises a first predefined operation to defer applying the software update to the first compute node for the period of time and a second predefined operation to restrict use of the first compute node during the period of time, and wherein the first component comprises at least one of: (i) a firmware of a hardware component of the first compute node, (ii) a software component of at least one of the plurality of workloads, (iii) a software component configured to manage the plurality of workloads of the first compute node, and (iv) a first workload, of the plurality of workloads.

11. The computer program product of claim 10 , wherein the first component comprises the first workload, wherein the one or more predefined operations comprise at least one of: (i) disabling the first workload, (ii) altering the first workload, and (iii) moving the first workload to a second compute node of the plurality of compute nodes, wherein the second compute node does not violate the compliance rule.

12. The computer program product of claim 10 , wherein the first component comprises the software component of at least one of the plurality of workloads, wherein the one or more predefined operations comprise at least one of: (i) uninstalling the software component from the at least one of the plurality of workloads, (ii) disabling the software component from the at least one of the plurality of workloads, (iii) moving the at least one of the plurality of workloads to a second compute node of the plurality of compute nodes, wherein the second compute node does not violate the compliance rule.

13. The computer program product of claim 10 , wherein the first component comprises the firmware of the hardware component of the first compute node, wherein the one or more predefined operations comprise: identifying a first set of workloads, of the plurality of workloads, that interact with the hardware component; and moving the first set of workloads to a second compute node of the plurality of compute nodes, wherein the second compute node does not violate the compliance rule, wherein the at least one of the plurality of workloads executed by the first compute node without applying the software update comprise a second set of workloads that do not interact with the hardware component.

14. The computer program product of claim 9 , wherein the first component is determined to violate the compliance rule based on metadata associated with the software update relative to at least one attribute of the first component, wherein the violation of the compliance rule comprises at least one of: (i) executing, by the first compute node, an out of date software module, (ii) executing, by the first compute node, a software component that has a security vulnerability, and (iii) executing, by the first compute node, a software component experiencing a runtime error.